The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote malicious users to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla mozilla 1.7.8 |